Saturday, February 18, 2017

Burglars invited

I am playing around with Thingspeak. Its a real nice IOT platform with loads of possibillities. I will delve in the setup and use in a future story but something urged me to publish this first.

Thingspeak is an IOT service to which you can send information from an ESP-8266 for example and have it published on a website that is publically accessible. For me it is ideal for testing purposes. The service takes the data I send to it, and puts it on a chart. This makes it possible for me to examine information from my home systems even when I am at work or abroad.

I made a simple thermometer setup using an ESP and a Dallas DS18B20 which sends my man-cave temperature to Thingspeak.

So I was monitoring the temperature in my work-room when I suddenly noticed something. Look at the graph above and try to see what I saw.

As you can see the temperature was dropping overnight until between 10.10 and 10.30 when the temperature had sharp risen.

At 11.40 hour the temperature started falling again.

And as you can see at around 16.40 the temperature started rising again. Neat huh ???

There goes the privacy

So when I got home from work and we sat at dinner I said to my girlfriend: 
" Hey you woke up late today. And I saw that you went out at about half past twelve and came back at around half past five."

First she was flabbergasted and then mad. It was a serious breach of her privacy.

But how did I know ??

Well easy. My girlfriend is kind of ECO aware. So at night she turns down the heating. When she wakes she turns it on and when she leaves the house turns it off again and naturally turns it on again when she gets back.

Well the temperature chart told me when she woke, left the house and entered it again.

Actually no harm done. And I promised her I would dismantle the system.

But it got me thinking.

So I looked again at the settings of Thingspeak. Next to your data you can display a chart with the location of the measurements !!!

So I made this test and indeed it displayed the location I filled in next to my temperature chart. Wow.

And rest assured I am not living below sea-level I deliberately gave false coordinates.

A bit of searching on Thingspeak showed me several channels where people actually displayed data publically next to their location like the picture above shows.

Look at the chart above. It is an actual public channel I found on Thingspeak.
I guess the guy leaves it home at about 7 o'clock (that's when the temperature starts dropping) and returns at around 20.00 hour because at that time temperature start rising again.

And be aware of this: the displayed map is a Google map so you can zoom in until you are at street level !!!

Naturally the displayed data is just data from a bit more as 24 hour. However someone with false intentions might come back everyday to have a look at the chart and see a pattern..........

Burglars invited !!!

So please be carefull on what information you make PUBLICALLY available on IOT platforms. If it is private information make sure you checked the private checkbox in Thingspeak. And do not blame Thingspeak for any privacy breaches the users have inflicted on theirselves.

In a future story I will delve deeper into Thingspeak as the service is easy to use, full of possibillities and very usefull.

Till next time
Be carefull but have fun

Luc Volders